CVE-2024-20262Improper Privilege Management in Cisco IOS XR Software

CWE-269Improper Privilege Management4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 94.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR Software
Timeline
PublishedMar 13

Description

A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issu

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xr_software82 versions+81

🔴Vulnerability Details

2
GHSA
GHSA-x2hj-p6wp-544c: A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or2024-03-13
CVEList
CVE-2024-20262: A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or2024-03-13

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability2024-03-13
CVE-2024-20262 — Improper Privilege Management in Cisco | cvebase